urlscan.io logo urlscan.io
SecurityTrails logo

blog.barracuda.com Open in urlscan Pro
4.234.25.19  Public Scan

Back to summary
URL: https://blog.barracuda.com/2024/06/18/new-report-business-email-compromise-email-attacks
Submission: On June 19 via api from TR — Scanned from GB

Form analysis 1 forms found in the DOM

GET https://blog.barracuda.com/search

<form method="GET" class="cmp-search-box__form" action="https://blog.barracuda.com/search">
  <input class="cmp-search-box__form__input" type="search" name="searchTerm" aria-label="Search for" placeholder="Search" value="" data-cmp-hook-header="searchInput">
  <a href="#" class="cmp-search-box__form__search-btn" aria-label="Search" data-cmp-hook-header="searchSubmit">
        <span class="cmp-search-box__form__search-btn__icon"></span>
    </a>
</form>

Text Content

 * Blog Home
 * Ransomware Protection
 * Research
 * AI and Security

 * Blog Home
 * Ransomware Protection
 * Research
 * AI and Security

Type a keyword and press enter to search


NEW REPORT: BUSINESS EMAIL COMPROMISE ACCOUNTS FOR 1 IN 10 EMAIL ATTACKS

Topics:
Jun. 18, 2024
|
Tilly Travers
Tweet
Share
Share
Tweet
Share
Share

Email-based social engineering threats are thriving as attackers continue to
adapt and evolve their tactics to increase their chances of success.

The latest analysis of email detection data by Barracuda researchers reveals
that while the landscape remains dominated by mass phishing and general scamming
attacks, there’s a steady rise in more targeted, and potentially more damaging
threats such as business email compromise and conversation hijacking.

The researchers analyzed 69 million email attacks across 4.5 million mailboxes
over a year. The findings are summarized in the new Email Threats and Trends
Report vol. 1, which shows that attackers are leveraging the capability of
generative AI to scale and tailor their attacks, and implementing QR codes, web
shortening links, and webmail to disguise their true nature and intent.

Among other things, the report shows that:

 * Business email compromise (BEC) attacks made up 10.6%, or more than 1 in 10,
   of social engineering attacks in 2023, and the numbers show a steady increase
   over time. BEC attacks accounted for 8% of attacks in 2022 and 9% in 2021. 
   
 * Conversation hijacking made up 0.5% of the social engineering attacks in the
   past year, an increase of almost 70% compared to 0.3% in 2022. Conversation
   hijacking attacks require a lot of effort to execute, but the payouts can be
   significant.
   
 * Phishing accounted for a third (35.5%) of social engineering attacks last
   year. These generally untargeted, mass attacks try to trick victims into
   clicking on a phishing link. Phishing emails have been used by attackers for
   years, and they remain worryingly successful. The Data Breach Investigation
   Report, 2024 found that it took on average less than 60 seconds for someone
   to fall for a phishing scam.
   
 * Around 1 in 20 mailboxes were targeted with QR code attacks in the last
   quarter of 2023. QR code attacks are difficult to detect using traditional
   email filtering methods. They also take victims away from corporate machines
   and force them to use a personal device, such as a phone or iPad, which isn’t
   protected by corporate security software.
 * Gmail was the most popular free webmail service used for social engineering.
   In 2023, Gmail accounted for 22% of the domains used for social engineering
   attacks, according to Barracuda’s data. Just over half the detected Gmail
   attacks were used for BEC attacks.
 * bit.ly was used in nearly 40% of social engineering attacks that include a
   shortened URL. URL shorteners condense the link, so the actual link of the
   site becomes obscured with random letters or numbers. Using this tactic can
   disguise the true nature and destination of the link.

People are vulnerable targets for social engineering. Last year, just over
two-thirds (68%) of data breaches involved a ‘non-malicious’ human element — in
other words, an ordinary employee just trying to get on with their job who was
caught unawares.

Social engineering attacks from BEC and conversation hijacking to extortion,
phishing, scamming and spam need to be taken seriously and either blocked at the
gate or quickly contained, neutralized, and eliminated if they make it through.

This is not just about having the right security tools, policies, and programs
in place — although that remains critical. IT and security professionals need to
understand how the email threat ecosystem is evolving and what this means for
the organization and its employees in terms of risk, resilience, and incident
response. 

Get the report
Tilly Travers

Tilly Travers is Director, PR and Communications, International for Barracuda.

Related Posts:
5 ways AI is being used to improve security: Security awareness training
Barracuda wins 5 Global InfoSec Awards
New HHS initiative to help with healthcare cybersecurity
The email Turing Test
Tweet
Share
Share
Tweet
Share
Share

--------------------------------------------------------------------------------


Popular Posts

Who is behind Cactus ransomware? LockBit to FBI: 'You can't stop me' How
attackers weaponize generative AI through data poisoning and manipulation
ALPHV-BlackCat ransomware group goes dark 5 Ways cybercriminals are using AI:
Malware generation

Topics

13 Email Threat Types Ransomware Protection Microsoft 365 Email Protection
Network Protection Application and Cloud Protection Data Protection and Recovery
Healthcare Education Industrial and IoT Security Managed Services Digital
Transformation Barracuda Engineering

Resources

Free Email Threat Scan Cyber Liability Insurance Guide Careers at Barracuda
Barracuda Engineering Barracuda News Room

2024 © Journey Notes
 * Email Protection
 * Application Protection
 * Network Protection
 * Data Protection
 * Managed XDR




COOKIE ACCEPTANCE

We use cookies to make our website work. We and our partners would also like to
set optional cookies for analytics purposes, as well as to measure and improve
the performance of the website, and to remember your preferences and provide you
enhanced functionality and personalization. Click on the Cookies Preferences
button to find out more and set your preferences.

Click on the Accept All button if you consent to the use of all such cookies. If
you choose to allow the use of such cookies, you will be able to withdraw your
consent at any time. Please refer to our Privacy Policy to better understand
your rights.Privacy Policy
Accept All Cookies
Cookie Preferences



HOW BARRACUDA USES COOKIES




YOUR PRIVACY

YOUR PRIVACY

Barracuda Sites may request cookies to be set on your device. We use cookies to
let us know when you visit our Barracuda Sites, to understand how you interact
with us, to enrich and personalize your user experience, to enable social media
functionality and to customize your relationship with Barracuda, including
providing you with more relevant advertising. Note that blocking some types of
cookies may impact your experience on our Barracuda Sites and the services we
are able to offer.


 * STRICTLY NECESSARY COOKIES
   
   STRICTLY NECESSARY COOKIES
   
   Always Active
   Strictly Necessary Cookies
   
   These cookies are necessary for the website to function and cannot be
   switched off in our systems. They are usually only set in response to actions
   made by you which amount to a request for services, such as setting your
   privacy preferences, logging in or filling in forms. You can set your browser
   to block or alert you about these cookies, but some parts of the site will
   not then work.


 * ANALYTICS COOKIES
   
   ANALYTICS COOKIES
   
   Analytics Cookies
   
   These cookies help Barracuda to understand how visitors to our pages engage
   within their session. Analytics Cookies assist in generating reporting site
   usage statistics which do not personally identify individual users.


 * PERFORMANCE COOKIES
   
   PERFORMANCE COOKIES
   
   Performance Cookies
   
   These cookies allow us to count visits and traffic sources so we can measure
   and improve the performance of our site. They help us to know which pages are
   the most and least popular and see how visitors move around the site. If you
   do not allow these cookies we will not know when you have visited our site,
   and will not be able to monitor its performance.


 * TARGETING COOKIES
   
   TARGETING COOKIES
   
   Targeting Cookies
   
   These cookies may be set through our site by our advertising partners. They
   may be used by those companies to build a profile of your interests and show
   you relevant adverts on other sites. They do not directly identify you, but
   are based on uniquely identifying your browser and internet device. If you do
   not allow these cookies, you will experience less targeted advertising.


 * FUNCTIONAL COOKIES
   
   FUNCTIONAL COOKIES
   
   Functional Cookies
   
   These cookies enable the website to provide enhanced functionality and
   personalisation. They may be set by us or by third party providers whose
   services we have added to our pages. If you do not allow these cookies then
   some or all of these services may not function properly.

Back Button


ADVERTISING COOKIES

Filter Button
Consent Leg.Interest
Select All Vendors
Select All Vendors
Select All Hosts

Select All



Clear Filters

Information storage and access
Apply
Confirm My Choices